Successfully Integrating Security into the Software Development Life Cycle

Category: Web Security Readings - Last Updated: Wed, 16 Oct 2019 - by Allen Baird

It is vital that security measures, including web application security scanning, play an early role in the software development life cycle. This article summarizes a podcast discussion in which Netsparker CEO Ferruh Mavituna talks about the place of security testing in the SDLC and how companies can achieve this integration with maximum success.

Scaling-Up and Automating Web Application Security

Category: Web Security Readings - Last Updated: Tue, 03 Sep 2019 - by Allen Baird

This blog post summarizes a security talk given by CEO Ferruh Mavituna about scaling up and automating web application security. Ferruh discusses the stages of vulnerability detection, website and vulnerability categories, the benefits and limits of automation, pre- and post-scan challenges to automation, and the elimination of false positives.

Ferruh Mavituna is Interviewed About Netsparker by Enis Hulli, Host of Glocal

Category: News - Last Updated: Thu, 27 Jun 2019 - by Allen Baird

Enis Hulli from Glocal interviews Netsparker CEO Ferruh Mavituna on what inspired him to start Netsparker and the key points in Netsparker’s development from startup to market leader. Ferruh outlines Netsparker’s target market, biggest competitors, current traction and future prospects. They also examine the current security needs of tech companies.

Ferruh Mavituna Talks About Discovering Websites on Business Security Weekly #129

Category: Web Security Readings - Last Updated: Tue, 11 Jun 2019 - by Allen Baird

Netsparker CEO Ferruh Mavituna is interviewed on Business Security Weekly about the importance of an asset discovery service. He discusses the need for a multi-layered approach, the place of discovery in the SDLC, the use of Netsparker as a pre-purchase software check, the importance of visibility and accountability, and the need for automation.

Ferruh Mavituna is Interviewed About Netsparker by Help Net Security

Category: News - Last Updated: Tue, 07 May 2019 - by Allen Baird

Ferruh Mavituna is interviewed about Netsparker by Help Net Security. The interview focuses on how Netsparker accurately identifies web application vulnerabilities without false positives using its unique Proof-Based technology, prioritizes fixes, prevents bottlenecks in development, discovers services, and deals with the growing problem of scalability.

Sven Morgenroth Talks About PHP Object Injection Vulnerabilities on Paul's Security Weekly Podcast

Category: Web Security Readings - Last Updated: Thu, 20 Dec 2018 - by Allen Baird

In episode #584 of Paul's Security Weekly, Sven Morgenroth, a Netsparker security researcher, discusses PHP Object Injection vulnerabilities and explains the dangers of PHP's unserialize function. Sven provides background on PHP Objects, demos how to write an exploit for a PHP Object Injection vulnerability, and explains how to prevent such vulnerabilities.

End of Support for PHP 5 and PHP 7.0

Category: Web Security Readings - Last Updated: Tue, 18 Dec 2018 - by Allen Baird

At the end of 2018, PHP will stop security updates and support for some of its previous versions. This will expose hundreds of millions of websites to serious risk in terms of sites hacked, user details stolen, and massive fines. You need to update, and use systems that allow you to deploy only new versions of PHP by default.